- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0
- None
- selinux-policy-40.13.13-1.el10
- No
- Important
- 1
- rhel-sst-security-selinux
- ssg_security
- 14
- 1
- QE ack
- False
- No
- SELINUX 241106 - 241127
- Unspecified Release Note Type - Unknown
- None
# matchpathcon /var/lib/selinux/targeted/{active,tmp} /etc/selinux/targeted/{active,tmp}
/var/lib/selinux/targeted/active system_u:object_r:semanage_store_t:s0
/var/lib/selinux/targeted/tmp system_u:object_r:semanage_store_t:s0
/etc/selinux/targeted/active system_u:object_r:semanage_store_t:s0
/etc/selinux/targeted/tmp system_u:object_r:selinux_config_t:s0
When semanage-store is set to /etc/selinux, as it is on CoreOS systems, an SELinux policy rebuild with recent libsemanage leaves mislabeled files in /etc/selinux/targeted/active:
root@localhost:~# semodule -N --refresh
root@localhost:~# restorecon -rvn /etc/selinux | head
Would relabel /etc/selinux/targeted/active/booleans.local from system_u:object_r:selinux_config_t:s0 to system_u:object_r:semanage_store_t:s0
Would relabel /etc/selinux/targeted/active/file_contexts from system_u:object_r:selinux_config_t:s0 to system_u:object_r:semanage_store_t:s0
Would relabel /etc/selinux/targeted/active/file_contexts.homedirs from system_u:object_r:selinux_config_t:s0 to system_u:object_r:semanage_store_t:s0
For more details see https://bugzilla.redhat.com/show_bug.cgi?id=2323878
Proposed fix https://github.com/fedora-selinux/selinux-policy/pull/2420
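A check for the mislabeling described in this report, as an added example that is not part of the original report or of the selinux-policy project: it filters `restorecon -rvn` dry-run output for files under the store's active directory whose current type differs from the expected one. The function names and the sample input are constructed here; the fourth sample line is invented to show that paths outside the store are ignored.

```shell
#!/bin/sh
# Added example: summarise `restorecon -rvn` dry-run output for the policy store.
# Input lines have the form "Would relabel PATH from CONTEXT to CONTEXT".

# store_mislabels STORE_ROOT
# Reads dry-run output on stdin and prints "PATH current_type expected_type"
# for every file under STORE_ROOT/active whose type field would change.
# Assumption: paths contain no whitespace (true for the store files shown).
store_mislabels() {
    awk -v prefix="$1/active/" '
        $1 == "Would" && $2 == "relabel" && $4 == "from" && $6 == "to" {
            if (index($3, prefix) != 1) next       # not inside the active store
            split($5, cur, ":"); split($7, want, ":")
            if (cur[3] != want[3])                 # field 3 of a context is the type
                print $3, cur[3], want[3]
        }'
}

# count_store_mislabels STORE_ROOT: number of mislabeled store files on stdin.
count_store_mislabels() {
    store_mislabels "$1" | wc -l | tr -d ' '
}

# Constructed sample: the three lines quoted in the report plus one
# invented line for a path outside the store.
sample_output() {
    cat <<'EOF'
Would relabel /etc/selinux/targeted/active/booleans.local from system_u:object_r:selinux_config_t:s0 to system_u:object_r:semanage_store_t:s0
Would relabel /etc/selinux/targeted/active/file_contexts from system_u:object_r:selinux_config_t:s0 to system_u:object_r:semanage_store_t:s0
Would relabel /etc/selinux/targeted/active/file_contexts.homedirs from system_u:object_r:selinux_config_t:s0 to system_u:object_r:semanage_store_t:s0
Would relabel /etc/selinux/example.conf from system_u:object_r:etc_t:s0 to system_u:object_r:selinux_config_t:s0
EOF
}

# Live use (as root):
#   restorecon -rvn /etc/selinux | store_mislabels /etc/selinux/targeted
if [ "${1:-}" = "--demo" ]; then
    sample_output | store_mislabels /etc/selinux/targeted
fi
```

Because `restorecon -n` changes nothing, the check can run after every `semodule` rebuild; a non-zero count means files in the active store carry a type other than the one the file-context rules expect.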
- links to
- RHBA-2024:140162 selinux-policy bug fix and enhancement update